RSS

How-To Geek

Have you ever given or sold a PC to somebody else, but really wanted to completely wipe the hard drive first? Today we’ll show you how to use an Ubuntu Live CD to get your personal information off your PC.

When you delete a file in Windows, Ubuntu, or any other operating system, it doesn’t actually destroy the data stored on your hard drive, it just marks that data as “deleted.” If you overwrite it later, then that data is generally unrecoverable, but if the operating system don’t happen to overwrite it, then your data is still stored on your hard drive, recoverable by anyone who has the right software.

By securely deleting files or entire hard drives, your data will be gone for good.

Note: Modern hard drives are extremely sophisticated, as are the experts who recover data for a living. There is no guarantee that the methods covered in this article will make your data completely unrecoverable; however, they will make your data unrecoverable to the majority of recovery methods, and all methods that are readily available to the general public.

Shred individual files

Most of the data stored on your hard drive is harmless, and doesn’t reveal anything about you. If there are just a few files that you know you don’t want someone else to see, then the easiest way to get rid of them is a built-in Linux utility called shred.

Open a terminal window by clicking on Applications at the top-left of the screen, then expanding the Accessories menu and clicking on Terminal.

Navigate to the file that you want to delete using cd to change directories and ls to list the files and folders in the current directory.

As an example, we’ve got a file called BankInfo.txt on a Windows NTFS-formatted hard drive.

We want to delete it securely, so we’ll call shred by entering the following in the terminal window:

shred <file>

which is, in our example:

shred BankInfo.txt

Notice that our BankInfo.txt file still exists, even though we’ve shredded it. A quick look at the contents of BankInfo.txt make it obvious that the file has indeed been securely overwritten.

We can use some command-line arguments to make shred delete the file from the hard drive as well. We can also be extra-careful about the shredding process by upping the number of times shred overwrites the original file.

To do this, in the terminal, type in:

shred –remove –iterations=<num> <file>

By default, shred overwrites the file 25 times. We’ll double this, giving us the following command:

shred –remove –iterations=50 BankInfo.txt

BankInfo.txt has now been securely wiped on the physical disk, and also no longer shows up in the directory listing.

Repeat this process for any sensitive files on your hard drive!

Wipe entire hard drives

If you’re disposing of an old hard drive, or giving it to someone else, then you might instead want to wipe your entire hard drive. shred can be invoked on hard drives, but on modern file systems, the shred process may be reversible. We’ll use the program wipe to securely delete all of the data on a hard drive.

Unlike shred, wipe is not included in Ubuntu by default, so we have to install it. Open up the Synaptic Package Manager by clicking on System in the top-left corner of the screen, then expanding the Administration folder and clicking on Synaptic Package Manager.

wipe is part of the Universe repository, which is not enabled by default. We’ll enable it by clicking on Settings > Repositories in the Synaptic Package Manager window.

Check the checkbox next to “Community-maintained Open Source software (universe)”. Click Close.

You’ll need to reload Synaptic’s package list. Click on the Reload button in the main Synaptic Package Manager window.

Once the package list has been reloaded, the text over the search field will change to “Rebuilding search index”.

Wait until it reads “Quick search,” and then type “wipe” into the search field. The wipe package should come up, along with some other packages that perform similar functions.

Click on the checkbox to the left of the label “wipe” and select “Mark for Installation”.

Click on the Apply button to start the installation process. Click the Apply button on the Summary window that pops up.

Once the installation is done, click the Close button and close the Synaptic Package Manager window.

Open a terminal window by clicking on Applications in the top-left of the screen, then Accessories > Terminal.

You need to figure our the correct hard drive to wipe. If you wipe the wrong hard drive, that data will not be recoverable, so exercise caution!

In the terminal window, type in:

sudo fdisk -l

A list of your hard drives will show up. A few factors will help you identify the right hard drive. One is the file system, found in the System column of the list – Windows hard drives are usually formatted as NTFS (which shows up as HPFS/NTFS). Another good identifier is the size of the hard drive, which appears after its identifier (highlighted in the following screenshot).

In our case, the hard drive we want to wipe is only around 1 GB large, and is formatted as NTFS. We make a note of the label found under the the Device column heading. If you have multiple partitions on this hard drive, then there will be more than one device in this list.

The wipe developers recommend wiping each partition separately.

To start the wiping process, type the following into the terminal:

sudo wipe <device label>

In our case, this is:

sudo wipe /dev/sda1

Again, exercise caution – this is the point of no return!

Your hard drive will be completely wiped. It may take some time to complete, depending on the size of the drive you’re wiping.

Conclusion

If you have sensitive information on your hard drive – and chances are you probably do – then it’s a good idea to securely delete sensitive files before you give away or dispose of your hard drive. The most secure way to delete your data is with a few swings of a hammer, but shred and wipe from a Ubuntu Live CD is a good alternative!

Funnily a few swings of hammer is a really bad method to wipe a hard disk.
Good luck before you manage to break the platters, a HD’s case is super resistant.

What you could do is drill at least 3 holes through the HD and its platter, but then you’ll need a professional drill because it will require a lot of power.

Last but not least (this is the solution we use at work) is a degausser. It’s an expensive machine that generates a strong magnetic field and a. destroys most of the electronic inside and b. erases everything on the HD.

I have other solutions in fact, use CCleaner to wipe the HD, in the options of CCleaner you can ask to wipe empty space on a particular HD. Basically the software will write “0” on all the empty space of your HD. So simply format the HD with Windows for example and then use CCleaner to wipe empty disk space. By writing “0” everywhere, you are sure your old data will not be recoverable.

Another story about HD wipe, we had about 500s HD at work to throw away, instead of degaussing them one y one, we arrange with a waste management company to shred them all in an industrial shredder. One guy of our department had to go to visually confirmed the HDs were dead. Basically after the shredder you’re left with HD particules…. now this is what I call data security ;-)

You’re right, there are a few easier methods for wiping a drive, but we’ve been going through a series on how to use an Ubuntu Live CD to perform various PC maintenance tasks. The point is that you can take your Live CD anywhere, and use it to perform almost any maintenance task.

I don’t mean to crush your work but wouldn’t be alot easier to burn a disc of DBAN, since in your article you burn the ubuntu cd, and then install packages on top of that, but their is no point if dban is made to do that.

I know the default response is “better safe than sorry”, but it makes a huge difference in time when you are talking a lot of drives and data…so if its not necessary, why continue to propogate the idea?

Unless there is new evidence about data recovery, in which case, nevermind :p

Yes, you can sudo shred * in the root folder of a drive to obscure everything. It is less thorough than wipe, because journaling file systems may be able to revert the changes, but it’ll still be more secure than quick formatting the drive.

Unfortunately I don’t have the background in data security to answer your question as well as it should be answered. I share your skepticism, especially considering how incredibly dense information is packed on a hard drive nowadays (I’m still amazed that the technology doesn’t break down way more than it does now).

There are some advances in data recovery on the OS level, primarily with new journaling filesystems. With write caching, multiple iterations might not even get propogated to disk (of course, in this case, you also won’t take as big of a speed hit).

But yeah, you’re probably right that one or two iterations are all you need. I leave the wipe settings at their default simply out of ignorance of how much is really necessary.

This command is the equivalent (I think, don’t quote me) to a DoD3 wipe:

shred -zn4 /dev/hda

z makes the last pass zero the data. n lets you choose how many passes (4 in this case).

To my knowledge I don’t know of any method to recover data from a zeroing (shred -zn1 ) that you can do or even pay for. So unless you have a lot of free time to spend on wiping you disk, or are paranoid that the government will get you, I wouldn’t bother. (shred -zn1 is what I use.)

We use a security disintegrater to wipe our drives. Try to realign dust particles to reproduce a readable magnetic signature :) Basically grinds the drive into dust. Boards, platters, housing (drive complete) all goes in on end and dumps like sand in a hour glass on the other. This is by far the best method.

Where N is the amount of iterations you want to run. I usually do two or three, it then overwrites it all with zeros. Technically overwriting with zeros should be enough for any normal person as recovery is quite expensive afterwards.